VBulleting SQL injection vulnerability – Update now

  • May 30, 2011

A serious SQL injection vulnerability was reported on Vbulletin (4.0.x, 4.1.0, 4.1.1 and 4.1.2) last month and we are starting to see it being used to attack and infect forums using it. The vulnerability is very simple and explained here:

Multiple vBulletin Products ‘Search Multiple Content Types’ SQL Injection Vulnerability

 
Multiple vBulletin products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query.

 
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

 
The following example data are available:

&cat[0]=1) UNION SELECT database()#
&cat[0]=1) UNION SELECT table_name FROM information_schema.tables#
&cat[0]=1) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt) FROM user WHERE userid=1#

There is even a video on Youtube showing how to do it:

So if you are a Vbulletin user, update it now! If you think your site is already hacked or compromised, you can scan it here: http://sitecheck.sucuri.net or contact us for help.

*Thanks to Marcus Maciel for the reminder and help.

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Related Tags
1 comment
  1. Pingback: Actual Security » VBulleting SQL injection vulnerability

Comments are closed.

Related Categories
You May Also Like